Re: SYS/SYSTEM account security - newbie Q
Further,
If they are persons you do not trust, they should not be given the
password... Once in, that 'untrusted' user can alter the sys or system password
and lock everybody else out....
Ed Bruce <Ed.Bruce_at_ha.hac.com> wrote:
>cbeyer_at_my-dejanews.com wrote:
>>
>> I am an auditor -- not a techie. Based upon my research I recommended to
>> better secure the SYS/SYSTEM accounts (e.g. turn over password to IPO and
>> activate only when needed.) in order to prevent intentional or UNintentional
>> changes to the database. Auditee responded that:
>
>My answer to this question is you have to trust somebody. In a Unix
>based system you need a sysadmin with root privileges. This person can
>do anything they want. So we hire and train someone we trust to have
>these privileges.
>
>The same thing with the DBA. You have to hire someone you trust with
>this level of responsibility. When there is a problem the DBA needs to
>fix the problem now, not later, not at some point when somebody is going
>to release a password.
>
>I do agree that the DBA password should be restricted to a few highly
>paid, trusted individuals. But if you put a stumbling block in their
>path and make them justify every time they need the password. And if one
>time they ask for the password and get it, then fail at some audit to
>justify their need and they get in trouble. What have we taught our DBA?
>Let the problem simmer until it's real bad, don't take chances.
>
>later,
>Ed Bruce
To reply please remove the 'nospam' part of the address

Received on Tue Jan 12 1999 - 13:36:56 CST